Digital Forensics, Computer Forensics, eDiscovery

We are celebrating our 15th anniversary and want to invite you to be a part of it!
We would be more than happy if you share your story with us. We have written a rich history together, and we want to extend an opportunity to you to share your experience with Oxygen Forensics and how it has had a positive influence on your work and how we managed to make this world better and safer together.

Special prizes will be awarded to all the storytellers, and the three best ones will also get a fully functional Oxygen Forensic Passware Analyst license.

Head replacement refers to the process of replacing defective HDD heads with heads from an identical, functional hard disk drive. This process must be performed in order to recover data from disks that have suffered a head crash failure.

Replacing damaged HDD heads with functional ones is a pretty complex task, especially considering the risk of damaging the HDD platters, which may cause permanent data loss. Various methods and techniques have been used to perform head replacement, with differing success rates and a high chance that something will go wrong.

The Certified Cyber Forensics Professional (CCFP) certification is the only global cyber forensics credential that provides a comprehensive validation of a candidate’s knowledge and skills as a digital forensics expert. Developed by (ISC)2, a leader in the information security certification market, CCFP is for those who have been working in the field and would like to take the next step and apply their cyber forensics expertise to a variety of challenges.

According to a recent report from the Center for Strategic and International Studies (CSIS), sponsored by security firm McAfee, cybercrime costs businesses approximately $400 billion worldwide, impacting approximately 200,000 jobs in the U.S., and 150,000 jobs in the EU.

I am sure that you are aware that when an SQLite database is opened, if there is an associated WAL (Write Ahead Log) file, then the pages in this WAL are automatically written to the main database, thus overwriting records, and the WAL file is reset. You may not be aware, though, that the WAL can contain multiple copies of the same page (each with different data/records) and that there can also be a sort of WAL “slack”, i.e. records from a previous database transaction or, if you like, records from previous WAL files. So by opening the database and committing the WAL you are potentially overwriting or missing valuable evidence.

This article describes how WAL files work and how to deal with them forensically. The steps are very straightforward with the Forensic Toolkit for SQLite, and the article takes you through them.
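The behaviour described above (several copies of one page in a WAL, plus leftover frames from an earlier WAL generation) can be seen by walking the frame headers of the -wal file directly instead of opening the database. This is an added example, not code from the article or from the Forensic Toolkit for SQLite; the table `msg`, the function names and the sample database are constructed for illustration, and frames are classified by salt only.

```python
import os, sqlite3, struct, tempfile
from collections import Counter

WAL_MAGIC = (0x377F0682, 0x377F0683)

def parse_wal(raw):
    """Walk raw -wal bytes without opening the database.
    Returns a list of (frame_index, page_no, is_commit, salts_match_header)."""
    magic, _ver, page_size, _seq, salt1, salt2 = struct.unpack(">6I", raw[:24])
    if magic not in WAL_MAGIC:
        raise ValueError("not a SQLite WAL file")
    frames, off = [], 32                      # 32-byte WAL header
    while off + 24 + page_size <= len(raw):   # 24-byte frame header + one page
        page_no, db_size, f1, f2 = struct.unpack(">4I", raw[off:off + 16])
        # Salts only; SQLite itself also verifies the running checksum.
        frames.append((len(frames), page_no, db_size != 0, (f1, f2) == (salt1, salt2)))
        off += 24 + page_size
    return frames

def summarize(raw):
    """Copies of each page in current frames vs. stale frames from an earlier WAL generation."""
    current, stale = Counter(), Counter()
    for _idx, page_no, _commit, live in parse_wal(raw):
        (current if live else stale)[page_no] += 1
    return dict(current), dict(stale)

def build_sample_wal(checkpoint_midway=False):
    """Constructed sample: one row rewritten across several commits; the raw -wal bytes
    are read while the connection is still open, before any close-time checkpoint."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.db")
        con = sqlite3.connect(path, isolation_level=None)   # one transaction per statement
        con.execute("PRAGMA journal_mode=WAL").fetchall()
        con.execute("CREATE TABLE msg(id INTEGER PRIMARY KEY, body TEXT)")
        con.execute("INSERT INTO msg VALUES (1, 'draft 0')")
        for i in range(1, 4):
            con.execute("UPDATE msg SET body=? WHERE id=1", (f"draft {i}",))
        if checkpoint_midway:   # next write restarts the WAL at frame 0; old frames stay behind
            con.execute("PRAGMA wal_checkpoint").fetchall()
            con.execute("UPDATE msg SET body='final' WHERE id=1")
        with open(path + "-wal", "rb") as fh:
            raw = fh.read()
        con.close()
    return raw

if __name__ == "__main__":
    for flag in (False, True):
        print("checkpoint_midway =", flag, summarize(build_sample_wal(flag)))
```

On real evidence, run `parse_wal` over a working copy of the -wal file taken from the forensic image, so that no SQLite library ever opens the database alongside it.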

To stay on top of the rapidly evolving app landscape (and ensure IEF users continue to find as much digital evidence as possible in their investigations), the Magnet Forensics team has started to release more frequent artifact updates, adding to the list of hundreds of artifacts that IEF supports on computers, smartphones and tablets.

New this month, we have released support for a number of native iOS applications including Owner Information, Saved Wi-Fi Profiles, Saved Bluetooth Devices, Spotlight Searches, Word Dictionary, Installed Applications, Calendar Events, Deleted Notes, and Contacts. This new update is available now to customers who have added the mobile artifacts module to their license...

MPE+ 5.5.6 has been released, featuring a new, simpler installation process as well as new analysis and reporting capabilities. Some of the new features include:

Analysis
You can now select files in both the media and the carved view to export the file to a desired location in the files’ native form. This allows you to:

* Report on carved files using the attach file function in reports
* Save native files to an evidence folder for later analysis
* View files that are not currently viewable in the natural view

Reporting
You can now report the information from the conversation view. While in the SMS view, you may select a message, right-click, and select a conversation view or select the conversation in the conversation pane. You can elect to remove the report by following the same procedure.

SQLite is a widely popular database format that is used extensively pretty much everywhere. Both iOS and Android employ SQLite as a storage format of choice, with built-in and third-party applications relying on SQLite to keep their data. A wide range of desktop and mobile Web browsers (Chrome, Firefox) and instant messaging applications use SQLite, which includes newer versions of Skype (the older versions don’t work anyway without a forced upgrade), WhatsApp, iMessages, and many other messengers.

Forensic analysis of SQLite databases is often concluded by simply opening a database file in one or another database viewer. One common drawback of using a free or commercially available database viewer for examining SQLite databases is the inherent inability of such viewers to access and display recently deleted (erased) as well as recently added (but not yet committed) records...

This is an exciting opportunity for a Senior Computer Forensic Analyst / Digital Forensic Analyst to join our fantastic new Digital Forensics Team. The successful candidate will report to the Digital Forensics Manager, and will be responsible for managing and delivering their individually assigned cases for forensic analysis of computer equipment and mobile devices.

* Carry out digital forensic examinations of electronic mobile devices.
* Work methodically using the processes and documentation.
* Follow the strict quality procedures but be willing to propose ideas for continuous improvement.
* Share knowledge and assist with in-house training for the benefit of the team and the business.
* Secure and preserve digital evidence within the laboratory and within clients’ premises.
* Use various tools and techniques to analyse and investigate evidence.
* Provide rapid, clear, verbal and written reports, often for use in the Criminal Justice System.